UC San Diego is ranked the 9th best public university in the nation by U.S. News and World Report and is the largest employer based in San Diego County.
Reporting to the VC-CFO, Information Technology Services (ITS) delivers Enterprise information technology services to the University of California, San Diego (UCSD) under the leadership of the campus Chief Information Officer (CIO).
Information Technology Services (IT Services) uses world-class services and technologies to empower UC San Diego's mission to transform California and the world as a student-centered, research-focused, service-oriented public university. As a strategic member of the UC San Diego community, IT Services embraces innovation in their delivery of IT services, infrastructure, applications, and support. IT Services is customer-focused and committed to collaboration, continuous improvement, and accountability.
As the Information Security Office of the University of California, San Diego, we manage cybersecurity, community security awareness, identity and access management, and security architecture and engineering, and we help researchers comply with an ever-changing regulatory landscape. We are a service-oriented organization focused on supporting mission-centric activities and advancing the competitiveness of the campus.
Under the guidance of the CISO and in partnership with other campus administrators, the IT Risk and Compliance Program Manager is tasked with designing and steering our risk and compliance program. This position will require an individual with strong technical skill and experience, excellent interpersonal skills, and a willingness to go beyond the role of an auditor and act as a partner for projects, researchers, or IT staff working with regulated or otherwise protected information and systems. This will include:
• Performing risk assessments of vended products and new projects
• Engaging in contract review and negotiations to best protect the University’s interests, members of our community, and compliance with legal and policy obligations
• Leading and/or acting as a subject matter expert for initiatives related to data security and regulatory compliance, including acting as a liaison and tech lead for PCI compliance
• Leading our program for controlled unclassified information for both cloud and on-premises solutions
• Providing recommendations for security controls and ensuring remediation of any deficiencies to ensure compliance with campus policy and regulatory requirements such as PCI, HIPAA, FERPA, and ITAR.
Our employees enjoy competitive compensation packages and educational opportunities in a diverse, stimulating workforce. This position is eligible for full: 1) Health/Dental/Vision Insurance 2) Vacation/Holidays (15 vacation days and 13 paid holidays a year) 3) Life Insurance 4) UC Retirement Plan.
• Employee must be available to work evenings, weekends, and holidays.
• Employee must be available to travel as required.
• Must be willing and able to work on a rotating on-call basis.
For more information about UCSD Benefits, visit http://blink.ucsd.edu/HR/benefits/index.html and for UCSD Work/Life, visit https://blink.ucsd.edu/HR/benefits/work-life/index.html
To calculate an approximate value of the UC Total Compensation package, please click here: http://ucnet.universityofcalifornia.edu/compensation-and-benefits/total-compensation-calculator.php
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age, protected veteran status, gender identity or sexual orientation. For the complete University of California nondiscrimination and affirmative action policy see: http://www-hr.ucsd.edu/saa/nondiscr.html
• Bachelor's degree in Computer Science, Information Security or a closely related field AND six (6) years of related experience in information security in an enterprise environment OR ten (10) years of recent relevant experience.
• Advanced knowledge of IT security. Extensive expertise in security policy creation and compliance monitoring, auditing methodology, and conducting technology risk assessments. Advanced experience with web application and network/endpoint vulnerability scanning and remediation, pen testing, sensitive data discovery and data loss prevention systems.
• Demonstrated skills applying security controls to computer software and hardware. Solid understanding of information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800-115, PCI DSS, HIPAA, FERPA, etc.).
• Advanced experience using IT security systems and tools.
• Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies.
• Ability to give work direction, create task assignments, and give instructions to subordinate technical staff to accomplish project goals/milestones.
• Job offer is contingent upon satisfactory clearance based on Background Check results.